Student verification in the UK federation

The UK federation helpdesk is frequently asked if we have a way to verify whether a person is a student. This page explains.

The UK federation exists to allow owners of online resources to make them available to academic organisations. To do this, the resource owners install service provider (SP) software. The members of the academic organisations then access this software through their identity provider (IdP) software.

UK federation membership

To use the UK federation to assess whether a person is a student, your organization must join the UK federation. Our eligibility policy states that your organization must be in the interests of education and research
and/or be of benefit to the UK federation or its members. We have traditionally allowed organizations into the UK federation that wish to offer student discounts, for example.

Overview of mechanism for verifying student status

Once your organization has joined the UK federation, you can deploy and register an SP (Service Provider) entity. When someone arrives at your SP, they determine their home organization's Identity Provider (IdP) and are directed to the IdP. They authenticate. The IdP sends attributes about that person to the SP. Your SP checks that there is an eduPersonScopedAffiliation attribute which includes an affiliation of student.

However, a number of home organizations simply release the 'member' affiliation statically for everyone, so if students at those organizations want to be verified, they'd have to persuade their IdP to release eduPersonScopedAffiliation correctly. We therefore suggest that your SP has a standard method for the student to prompt their IdP home organization to release the appropriate attribute. For example, the IdP's metadata contains a support email address, so you could extract this information and allow the user who is a student to contact their IdP's support address to determine why they don't have a student affiliation.